diff --git a/iap/src/main/java/com/example/iap/BuildIapRequest.java b/iap/src/main/java/com/example/iap/BuildIapRequest.java index 2fae86f320c..b3d76ab10d0 100644 --- a/iap/src/main/java/com/example/iap/BuildIapRequest.java +++ b/iap/src/main/java/com/example/iap/BuildIapRequest.java @@ -25,29 +25,28 @@ import com.google.auth.oauth2.GoogleCredentials; import com.google.auth.oauth2.IdTokenCredentials; import com.google.auth.oauth2.IdTokenProvider; -import java.time.Clock; +import com.google.common.base.Preconditions; +import java.io.IOException; import java.util.Collections; public class BuildIapRequest { private static final String IAM_SCOPE = "https://www.googleapis.com/auth/iam"; - private static final String OAUTH_TOKEN_URI = "https://www.googleapis.com/oauth2/v4/token"; - private static final String JWT_BEARER_TOKEN_GRANT_TYPE = - "urn:ietf:params:oauth:grant-type:jwt-bearer"; - private static final long EXPIRATION_TIME_IN_SECONDS = 3600L; private static final HttpTransport httpTransport = new NetHttpTransport(); - private static Clock clock = Clock.systemUTC(); - private BuildIapRequest() {} - private static IdTokenProvider getIdTokenProvider() throws Exception { + private static IdTokenProvider getIdTokenProvider() throws IOException { GoogleCredentials credentials = GoogleCredentials.getApplicationDefault().createScoped(Collections.singleton(IAM_SCOPE)); - // service account credentials are required to sign the jwt token - if (credentials == null || !(credentials instanceof IdTokenProvider)) { - throw new Exception("Google credentials : credentials that can provide id tokens expected"); - } + + Preconditions.checkNotNull(credentials, "Expected to load credentials"); + Preconditions.checkState( + credentials instanceof IdTokenProvider, + String.format( + "Expected credentials that can provide id tokens, got %s instead", + credentials.getClass().getName())); + return (IdTokenProvider) credentials; } 
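Review bot: In getIdTokenProvider, `Preconditions.checkNotNull(credentials, ...)` runs only after `GoogleCredentials.getApplicationDefault().createScoped(...)` has been called, so it guards the result of createScoped and cannot report a null from getApplicationDefault(). If that guard is wanted, the two calls need to be split and the check placed between them. The `checkState` call also builds its message with `String.format` even when the check passes; Guava's template overload defers that: `Preconditions.checkState(credentials instanceof IdTokenProvider, "Expected credentials that can provide id tokens, got %s instead", credentials.getClass().getName());`. The removed comment was the only explanation of why this credential type is required, so a short replacement such as `// An ID token is needed for the IAP audience, so the credentials must implement IdTokenProvider` would keep the reason next to the check.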
@@ -57,16 +56,17 @@ private static IdTokenProvider getIdTokenProvider() throws Exception { * @param request Request to add authorization header * @param iapClientId OAuth 2.0 client ID for IAP protected resource * @return Clone of request with Bearer style authorization header with signed jwt token. - * @throws Exception exception creating signed JWT + * @throws IOException exception creating signed JWT */ public static HttpRequest buildIapRequest(HttpRequest request, String iapClientId) - throws Exception { + throws IOException { IdTokenProvider idTokenProvider = getIdTokenProvider(); - IdTokenCredentials credentials = IdTokenCredentials.newBuilder() - .setIdTokenProvider(idTokenProvider) - .setTargetAudience(iapClientId) - .build(); + IdTokenCredentials credentials = + IdTokenCredentials.newBuilder() + .setIdTokenProvider(idTokenProvider) + .setTargetAudience(iapClientId) + .build(); HttpRequestInitializer httpRequestInitializer = new HttpCredentialsAdapter(credentials); diff --git a/iap/src/test/java/com/example/iap/BuildAndVerifyIapRequestIT.java b/iap/src/test/java/com/example/iap/BuildAndVerifyIapRequestIT.java index e5f52e86e67..3bef9a2824e 100644 --- a/iap/src/test/java/com/example/iap/BuildAndVerifyIapRequestIT.java +++ b/iap/src/test/java/com/example/iap/BuildAndVerifyIapRequestIT.java @@ -33,9 +33,9 @@ import org.junit.runners.JUnit4; @RunWith(JUnit4.class) -//CHECKSTYLE OFF: AbbreviationAsWordInName +// CHECKSTYLE OFF: AbbreviationAsWordInName public class BuildAndVerifyIapRequestIT { - //CHECKSTYLE ON: AbbreviationAsWordInName + // CHECKSTYLE ON: AbbreviationAsWordInName // Update these fields to reflect your IAP protected App Engine credentials private static Long IAP_PROJECT_NUMBER = 320431926067L;
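Review bot: The Javadoc of buildIapRequest in BuildIapRequest.java now lists only `@throws IOException`, but the rewritten getIdTokenProvider reports unusable credentials through Preconditions, which throws unchecked IllegalStateException or NullPointerException. A caller that narrows its handler to IOException to match the new signature will no longer catch that case. I would add `@throws IllegalStateException if the application default credentials cannot provide ID tokens` to the Javadoc. Separately, `iapClientId` becomes the token's target audience through `setTargetAudience(iapClientId)` with no check visible in this hunk, so a guard such as `Preconditions.checkNotNull(iapClientId, "iapClientId")` before the builder would fail early on a missing audience. The Javadoc opens and the method body closes outside the hunk.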